Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Consortium to Target Web App Security



 By: Dennis Fisher
2004-02-18
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Founding members of the new group include Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc. and WhiteHat Security Inc.

As part of an effort to crystallize the thinking and product-development around the nascent area of Web application security, a group of vendors will announce next week the formation of a new consortium meant to help define and promote standards concerning application security.

Founding members of the group include Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc. and WhiteHat Security Inc. Known as the Web Application Security Consortium, the group will make its debut at the RSA Conference in San Francisco.

Resource Library:
The groups initial goal is to create a classification system for application security vulnerabilities, attacks and other threats. Many of the attacks that are used against Web applications are quite complex and much of the terminology is outside of the realm of most security specialists expertise. The group hopes to simplify the explanation of things such as cross-site scripting that have become prevalent in recent years.

"Application security itself is very confusing. A lot of developers dont know exactly how these applications are threatened, which is why the applications are still woefully insecure," said Jeremiah Grossamn, CEO of WhiteHat, based in Santa Clara, Calif. "The Web security area is so new, no one knows how to address all the issues."

Cross said the group is approximately 80 percent finished with the classification system, and hopes to have it completed by late March or early April.

Another major focus of the consortiums efforts will be the establishment of industry best practices in several areas, particularly secure coding. Until very recently, most software developers received almost no instruction in college on secure coding practices, and as a result, had no concept of what it took to write a secure application. That state of affairs is changing, as more developers get security training as part of their educations, but there is little agreement among experts on what qualifies as secure coding.

The new consortium hopes to change that by developing guidelines for secure software development. The group also will look at establishing best practices for independent security reviews.



  Reader Comments: Consortium to Target Web App Security
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Dennis Fisher
 


x}r㶲s\@♵M"b{lc,/K3^:U*$ɐm%g~u~|.dxjlFwh4#I"nZΘt\sfS;uA@ Y>%w>{ '(+ԯ1mnf]S/ _hoL|Nშ :#:@.Pk< Z57껲54o/ne0S-ZIQ>)֐NմHmZ/P8$p$ZB;$?*B4mG$oQT}:XS=2tНS[BT!|HKt/"(?F#&c?9;z'fw^B(ƻFՉziZgC2]hj:TN`Uƞfn=KQz3r- G&lw"ScO$ӡNfI%p/0Q#@ڮSTHfFԲ;o tG ob=uק&Y! bS 3MuN_FBԿ¥0楃5?GpA'ס" 'm_k|uv3<$3~3 CoZHUKo~cn!LjZE&> ؗCY͢`F3l˸-:4 HS(G~@?8r~-trfNeW4ϷFuޅRQ5MQ:Uu7ںs m9k%>g}rԺx'7;Aڼ@o&1`jLTV+Rhf Rc@G,{/BrM7Jq߸+ᖃhGZIAvina[E4b™EUdv*?[Zu"uuY6f0ZjCA/]鮘FȏwAժ}yڽ鑳59m}jz ݙOtHM Wh:s0N/z 6O{uH0kh`cRV> ?vOZd[W/' MDO_0N`mYn]H!-T|Y|ԛE34 i[2)ߦI@w[)@0 +:YK7BS_o3^8nZK}0[RFp&\ ДQCלذ 1"%h6-`i˫ TY嗋mESq>]V4{3Bɝ`g@ɋ BD4?CzC0!pl/\~_5M.΃QwW9Q] K\M흛ǘ+}7Z)]u/{]iz-xD18,]evb`\\77j 1ß} 5kGr*GFX@8ʍ81m!SGñA S&3;,,0 ZG>O;SjZi};Ni$|NI}ѦMޣ8BݘXiI70i+OݺzL^TŞ+LК0#GE 6]LR}t qHhQ0|s0Y[SaP#[ѽ:z?`#0.Zm{Ae^~}¢!1Y@Xȁ{`soweC93(u%w2J}c>] #RRR$S]HPw9DJ B!B0HV0(VF쎄~ .<BICyd&,gQY,p[/)͙J2d0U Q򍜘=b`&Qea*0pRx5Vn,`o+GvP#&F#˰` 3G }= 3̲M҄%Ll;!9?a! s WQ'S: xBoBCEs;J`|Ͱ"̴b֜Eu4>du)nN-˘ R g?f0-qڛuV<ۢfa* ,q[rmׁfX8ȣ=p TfЬ||=厬m[4@>|zS.z:ԍ$r%5kb$T`CL Ϯ[- V!҇FD+ه0`,E=_GMR^-#z0iTWJIUӤck@Lf2,rGmAu،;s4=}Zjt,g \\ipf ZDZLhKAqA0*]y.?VV0\n}єa˘;|qדm*ITR'=\V`QƖ]4FXXH]-'L͎O\NSP^Cs2uKTNj siz4_n?:!'`,mCc$ D!#2!z q[kh0hv*㻏1՞m$R*C01^*== 7S_)-S Mӓe;4 Ϣ+bIۛh|5 |b3HpGL+ 0RsIl x@̬} w2m94c~('cjZ9 XBb+>aL:+lC30XfSf~508x{Wz&[wuvɧ@^􁯍C-o# dS0=̞̝A mۨX9)6?b(vPJ`Y V8g;}DC8ߋIjfR΁MOT*%0=k@" c]f.g|]٘z4> ~SUe@5yJ1kr_JhUm{\ c4w2|u]ITY)(jq g@Vf2UݯT+EzXz,)5rd &RrME7uȋ­7P'#I(OU?}PHUگjYIz, :{Z1n?eVPVW`Zd&{\%\3Li0o)Q멋A fT]Z/)+iQ/ ~ dwm PG c[,^f}0#ёnow/y01Vy?N0ο Ї_i_|D`Qu4߷hClYj2e'A)pdQL?JnWW{隿ð]Q區҈FwnG4߷/ŗlOk~R\/[R ~J`& y~yrU4+$Ey|hq\36MF 1SV5!g42lzE5 q^9`\Bh5c-ͅHg“S&aEy8aZxy~U2kq  I5:=@   k@JA=Vo8m.Y%DC( `E/Щ cAHFrI'zZG>gu3_f Rt4zUrڿHע~}##+y-EY-Vyғ;i9: a!y]9$E_A>?T%ݝ:V8i;FXbp'awʜW#S`Z/ ?Y .k vg>&k?dN-Ƅ `sBk4GϝO(|i@d>HАYc=ty8#- kvzF]Y F=foݷvcW};Ǎ>-l-8tǠ^CҀ3I1&ZQVP**sᔤ˞vɌX^O&Xd1׭P2QvAK JG3`̾qK7׷bRcoJP}|]& {~W*]ۣPIݣw)~=Ҳ(r]&ZDNp5U {II%)x}<.J`RTy^f} m$.E{g[#D:*tcxO||nF?N{X=(}IMN8{(_Bl.AWAg Z ̨ H}wjkB{ext9MNS^>vc"mQ2ގCmřMjigUXR1f}=tR7~5٘/$[7%<&N8p) 𯋍^J 3ᓈxOPTefb\S;3ł_$% "`Gu6qؼVLS@Y,ikg-D_/]* }iXHeazx!HcgtߣnH}ِ/Sewe=.FOtߟK3àA0_:x6M]ٱ0,|+U*#$GxS|(ףx5^ Ԇ|?Fj9cS"<_)z1fk1j-p^Eh;xeM(-mFC!bk0HMw!_ԊW I-'T5=܌]@jI,!_s!"A$ܯB$ 5:wiʝVjM-EV Բqàm銺Mq#黦>_^{6xe}HoLA"m; i5~ai{ZDdƶo|iۅ*/a$uG o- >R/5< #7AAweQoNAɪ"]h q7񂚜qVx˥+_nbMqmlZK{b?й3(X ^S)|C~5_[&-o[GЌ0|F~ZT":w8 iN/ =ދAjc_gی^:G.,ʹh 5tS.7D-@F+ķz4 L.`F޵9\7 *Y*-l߼ ۩s,fER o ZߤLm_mau~ ^i'/*O]ʔ6b5>0qjlnC؆_?  ZRˬk'EI3Ʊ);{`4cT2,,Adf=Lᓽȹy,v5.3h Νko(jXOZx_ڋKۨ_N[̛@UJD? @{H4 JL,C$&Hm(s x@!&T7lik4n;*e]=[G?$=eO) x-5=m%<{6!QYH:^G%Hc+u"mw?C* nO2 {43\0k`꤯ 7vW6FK<L]K&QX#J:* 5EϐGD|d¤ZZt'O|ˢ'o[DxQ)A.^owsN =vφxrwٽcQwǶ+SF˸1cK[,zMKp=AYWSEPؾ78!#9tElX$@e5F?PM};(C^P"^]’[|M}1Ir9ڊbMk@ע~KZC O]c)i+ۏAE!Lj>z)h#8࿬lqn/%\93͒EˉdtMSc%5!S*j~Az)XZbYE-c 2^ӎ iM"rRIoA$zTGN%rRM"|^kik6j=!`5<}On&*kxzJ2Ko^;C'ܬDM%o- ܮǞܐmQNa'c,hWo,nIyqA&N~lkCTp*Bק6:F̽O%LD0J i%V*#/CyQ)A\+5Mj}r@~ciP\kXc>=`ҧEdcu #~V`}{OnTXC,`²!%:0Y飏ji+K M ;8fsQ|tP[˜ozpײZ ǁ; eY3%)XR4X<k_H 㽽Մn$5DX#\NgNNWD]%Ar9t@EP]ׯ0O|Z~\`{|oEZ`3+nsl˪ZMɶ8+YlwAQgg)q8 @\wtc~S4 ?R)%o$:*}+sr`6ވ۳j4k6iJJGh5;Q2*5&L7,g &)<6$AeЇ5T?0n#n*ZM}{FGȚZGt J m[!GhoV0 wAG>p<|SR*=U+%=lhpqJxq8f^zGZQ)MG)}o cb2zވ~7pb XZ`Oh$}bs-RWldb"@՘_Ѻi> ?4uӻhzxX2 LGXȟ PCL~ 'lI=R+-wga-=2čHXZC8 ްnb75|$rkIC9Ҕ5꭛ח=@)a#}~! gL- D޼"c)41GJ[!1}ɹcMZӔpxXҚ0! YC) \ߊBqbZ/{Ƽ͈))K 1ڋȧn1J \-"@e=DqEc pHUӆ.JgeEt037  cn Q&@Ԕu7SI8ע0SN\<7Yef xpƧx} tHM< 2ḂkQ.閣zUQpV#ߛ~Sg8 Xں9PM`2Kݙ?vJ*Q^e5DM@+: [JO!~iJjm8Gj:ٙ%/G>PSq>r:X)` чzIc 3bS׺hIUhD&5+ۼv)r_rʯz}I8SޅnN9rz})കS~'π>g9yvq^_>-4ڧ9пvN?Ӿ)sWh|/E|;ɡoɡOgß(9_~O9P~S(GNy;909{ s#?0~9ׅws?]/rqWU?9{9^}~Z_c}Oyߧ>>oʁorڿi&s$CP̑.Ny甗 ~)W@__y+%YN賊9+F7_+ʡsTh3 Я#dnldҾ:鞦R+ ]q%5-{ᘴ[ͺrn@Kȣ_xi +{IyHGW4:<)~bye?VRRw;]Cڤ\j.{]W[O'ikz(#s<2g!h{U26#{"Գ1ZߟQǒGЬ]#=D)sҗe.o pjY~@ @9z_Ewew4n7wpK|SG0U75imŭxg?9/ydֺWWVF+p'k͠~%k"N^*8z:S w}Y&@Y8'}(hعkjzGrt5pÅ͹H|3fts`I ʾUVjpwrDa3=""CSL`FTMVYi2ZE9(W&K<# .=M^et fMȡ!pCfJ5G P }:[Ǭl*Yۼx`TS;i~$I ?,(sY\Fdl\BfCVyxٍ; V𲢬hcƥ 6%dή1vgu¿6г'pНG ?n 3ɕDy hbգwh9ıPrO?gb+S7ѽtLdp!gB-ҋKl!MPeD˺U&;ژ# E!fȿ,['lyjb)m+ HrWrX {o#˅FUx/C4|/͎F*0y.6VŤe @ v -HZ}vwVqČk,I%f&xc"[Z"U?I6ИYLCvsFdu#x=+6"fG9t}y x_ -^s ]'P "? u+6&ueW -]tAK5 D =bַZ1L^RxgBхo?\vRi 7XfeF`O]WvBaIg N  a"q0u/X;SVT#cE m_1SzA۾"=מ X?m7 6LG4 (Q"q}(!3FQ_cDAR$YMaMSZзkdY9Hz&zU x$.7=j"1: gC“J'rJzc{[/EI)H[QʹT6v ;VA >Dp8C3`ܐ}olI C_x r:Y W96O}0uGĦrCR4OepwR K?93_N[(@P W91"uz ?;<v;fC &+_2uE>v/-ǬyJ~S.u 7tle @J6 mE73B*|X^c 0У,*09G5-E69+z0 LMkÐpai#fSS3 {߂ ixv4%hw2b5g_yfOȅv0,#ŠN|]t1Nʳe_:kvyH%D}Sw= QFK+O(Uƥ2~?\Q|ҽ^'`gh-/=n|xxy*Em9EKB^ T>Vyzھ|uM+_0dF-<#Dg˳̺Uj*$